Today, a Security Bulletin (APSB13-08) has been posted to address security issues in Adobe Flash Player 11.6.602.168 and earlier versions for Windows, Adobe Flash Player 11.6.602.167 and earlier versions for Macintosh, and Adobe Flash Player 11.2.202.270 and earlier versions for Linux.

Adobe is aware of reports that CVE-2013-0643 and CVE-2013-0648 are being exploited in the wild in targeted attacks designed to trick the user into clicking a link which directs to a website serving malicious Flash (SWF) content. The exploit for CVE-2013-0643 and CVE-2013-0648 is designed to target Flash Player in Firefox.

Adobe recommends users apply the updates for their product installations.

Weekly Summary

This week, a lot of high-profile companies have come forward about being victims of attacks. Companies like Apple and Facebook fell victim to Java exploits when browsing a well-known iOS developer forum, causing their computers to be taken over by attackers. This once again goes to show the importance of keeping your systems updated as much as you can and removing software you don’t need. If you need a browser plugin such as Java or Adobe Acrobat Reader, don’t activate it in your primary browser; keep it enabled only in a secondary browser for those specific Java websites.

NBC.com was also compromised this week, causing everyone visiting the site (many tens of thousands) to be redirected to a site serving malware. The malware exploited previously known Java and Adobe Acrobat Reader vulnerabilities to take control of the victims’ computers.

The New York Times also reported that a unit within the Chinese Army is seen as tied to hacking against the U.S. China in turn denied this accusation.

On the good side of things, Google have released information that they have reduced the number of compromised accounts by 99.7% since their peak in 2011.

Security tips

In light of the latest breaches, we’d like to suggest that you have a look at the software and browser plugins you have installed on your system(s). Unfortunately, depending on an antivirus just doesn’t cut it, as malware is transforming and mutating, which means your antivirus won’t find the reported malware signature. Attackers are also exploiting vulnerabilities faster and faster, which means that the time between disclosure of a vulnerability and the time when it’s being exploited through ad networks or hijacked sites is much shorter these days.

The first step is to simply check which software you have installed and uninstall whatever you don’t have an explicit need for. Once you have uninstalled the applications and browser plugins you don’t need, it’s time to update the ones that remain.

As for your software, it’s a matter of visiting the developer’s webpage and verifying that you’re using the latest version of their software. Keeping your OS automatically patched through Windows Update or Mac’s Software Update goes without saying.

Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier 9.x versions for Windows and Macintosh, and Adobe Reader 9.5.3 and earlier 9.x versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

A weakness and multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird and SeaMonkey, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, and compromise a user’s system.

The weakness and the vulnerabilities are reported in Firefox versions prior to 19, Thunderbird versions prior to 17.0.3 and SeaMonkey versions prior to 2.16.

Firefox 19 also contains their all-new built-in PDF reader, which means that both Chrome and Firefox now have built-in PDF readers. Those wanting to secure themselves from last week’s Adobe Acrobat Reader vulnerability could therefore choose Firefox as the alternative as well.

A new version of Java has been released (version 7 update 15 and version 6 update 41), fixing four “Highly Critical” security vulnerabilities. You can download the latest version from http://www.java.com

Those running Windows can choose to turn on automatic updates to be sure to always have the latest version: http://www.java.com/en/download/help/java_update.xml

Remember to delete any previously installed Java versions from your system when you update. See http://java.com/en/download/faq/remove_olderversions.xml for assistance with this. This is the final public release of Java 1.6.0, and Oracle will not provide more free security fixes for version 6.
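The version bounds quoted in the bulletins above can be checked mechanically against a software inventory. The Python script below is an added example, not part of the original post: the bounds are copied from the text above, while the product keys, platform names, inventory format and the `1.7.0_15` style of Java version string are assumptions of the example.

```python
import re

# Bounds copied from the bulletins above. "max_affected": that version and
# earlier are affected; "first_fixed": anything older needs the update.
# Product keys, platform names and branch prefixes are this example's own.
RULES = [
    ("flash", "windows", (), "11.6.602.168", "max_affected"),
    ("flash", "mac", (), "11.6.602.167", "max_affected"),
    ("flash", "linux", (), "11.2.202.270", "max_affected"),
    ("reader", None, (11,), "11.0.01", "max_affected"),
    ("reader", None, (10,), "10.1.5", "max_affected"),
    ("reader", None, (9,), "9.5.3", "max_affected"),
    ("firefox", None, (), "19", "first_fixed"),
    ("thunderbird", None, (), "17.0.3", "first_fixed"),
    ("seamonkey", None, (), "2.16", "first_fixed"),
    ("java", None, (1, 7), "1.7.0_15", "first_fixed"),  # 7 update 15
    ("java", None, (1, 6), "1.6.0_41", "first_fixed"),  # 6 update 41
]

def parse(version):
    """'11.6.602.168' or '1.7.0_13' -> tuple of ints."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def audit(product, platform, version):
    """Return 'update', 'ok', or 'unknown' (no rule for this branch)."""
    v = parse(version)
    for prod, plat, branch, bound, kind in RULES:
        if prod != product or (plat and plat != platform):
            continue
        if v[:len(branch)] != branch:
            continue  # e.g. Reader 9.x must not be judged by the 11.x bound
        b = parse(bound)
        width = max(len(v), len(b))  # pad so 10.1.5.0 equals 10.1.5
        a = v + (0,) * (width - len(v))
        b = b + (0,) * (width - len(b))
        outdated = a <= b if kind == "max_affected" else a < b
        return "update" if outdated else "ok"
    return "unknown"

# Constructed sample inventory, not taken from any real system.
INVENTORY = [
    ("flash", "windows", "11.6.602.168"),
    ("reader", "windows", "10.1.5.0"),
    ("firefox", "linux", "19.0"),
    ("thunderbird", "windows", "17.0.2"),
    ("java", "windows", "1.6.0_39"),
    ("java", "windows", "1.5.0_22"),
]

if __name__ == "__main__":
    for item in INVENTORY:
        print(*item, "->", audit(*item))
```

An `unknown` result means the bulletins above give no bound for that product or branch, so the entry needs a manual check rather than being treated as safe.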

Weekly Summary

Bit9, the security company that is used by many Fortune 100 firms and the U.S. Government for their software and network security, was compromised last Friday. The attackers compromised Bit9’s network by gaining entry to some computers inside the Bit9 network where they had unfortunately forgotten to install their own software. Said attackers then signed certain malware as “safe”, which gave them the ability to deploy malware on the target, which was protected by Bit9. It was also found out that an exploit had been sitting on one of the LA Times websites for six weeks, redirecting users to a Blackhole exploit kit. This reiterates the importance of doing continuous security and vulnerability checks on your websites.

Security tips

Two-factor auth means additional security in that you have more than one authentication factor, and you are already using it today with your bank (in order to get money out of the ATM you need to input both a card and a PIN code). You can enable two-factor authentication on a lot of services such as Google/Gmail, Lastpass, Facebook, Dropbox, Yahoo! Mail, Amazon Web Services and WordPress, and it’s advised to do so. Of course, using two-factor auth does not mean you’re completely safe, as you could for example become the victim of a Man In The Middle attack, so continue being careful after you have activated it.

Adobe has acknowledged a zero-day exploit for their Adobe Acrobat Reader product, and it’s currently being exploited in the wild. It appears that all versions of Adobe Acrobat Reader are affected by this, and there is at this time no update available that fixes the issue.

Because of this, we recommend uninstalling Adobe Acrobat Reader if you have it on your computer, as your current operating system probably has built-in support for reading PDF files anyway. There is a built-in PDF viewer in Mac OS X, Windows 8 and Ubuntu. Those running Windows 7 or below could install Google Chrome and use the PDF reader that’s built into the browser.

UPDATE: Since this post, Firefox 19 has been released which also has a built in PDF reader.